MFA Engineer for Migration

The Customer is seeking to migrate from their current MFA solution to Azure MFA. As part of this initiative, the Customer wishes to integrate several SaaS applications, VPN, and Citrix NetScaler with Azure AD to leverage MFA through Conditional Access. This includes the following applications and services:

| Application Name | App Type | Integration Method |
|---|---|---|
| PeopleCenter | SaaS | ADFS 4.0 |
| Pulse Secure VPN | Virtual Appliance | App Integrated |
| Citrix Netscaler | Appliance | App Integrated |
| Cisco ASA VPN – multi-site | Appliance | App Integrated |
| SWAP | ?? | App Integrated (I believe) |
| Mail-eu.gtech.com | Italy TMG Server | App Integrated |
| Harvard Business Publishing | SaaS | ADFS 4.0 |
| OneSource Global Trade Management | SaaS | ADFS 4.0 |
| Deloitte-Berson | SaaS | ADFS 4.0 |
| Everbridge | SaaS | ADFS 4.0 |
| Everbridge Members | SaaS | ADFS 4.0 |
| SAP SuccessFactors | SaaS | ADFS 4.0 |
| SAP IBP (Cloud) | SaaS | ADFS 4.0 |
| SAP SuccessFactors | SaaS | ADFS 4.0 |
| SAP SAC (SAP Analytics Cloud) | SaaS | ADFS 4.0 |
| EasyVista ITSM | SaaS | ADFS 4.0 |

The work outlined in this document includes evaluating the current environment, migrating the federated SaaS and non-federated apps to Azure, creating several Conditional Access rules to enforce MFA, and assisting with enrolling their end-users into the new MFA service.

Objectives and High-Level Scope

The objectives for this engagement are as follows:

Phase 1

  • Assess and plan the move of the on-premise and federated applications with the appropriate application teams.
  • Configure MFA service settings.
  • Configure necessary Conditional Access settings.
  • Plan for end-user communication.

Phase 2

  • Move applications into Azure AD either through the Azure Marketplace or as non-Marketplace applications.
  • Configure and deploy Conditional Access rules for test users.
  • Plan for production rollout and rollback.

Phase 3

  • Production rollout

Detailed Scope

The following table lists the detailed work effort and estimated time for each item.

| Action | Time Estimate (days) |
|---|---|
| Phase 1 | |
| Assess and plan the move of the on-premise and federated applications with the appropriate application teams: People Center, Pulse Secure VPN, Citrix NetScaler, Cisco ASA VPN, SWAP, Mail-eu.gtech.com, Harvard Business Publishing, OneSource Global Trade Management, Deloitte-Berson, Everbridge, Everbridge Members, SAP SuccessFactors, SAP IBP (Cloud), SAP SuccessFactors, SAP SAC (SAP Analytics Cloud), EasyVista ITSM | 5 |
| Configure MFA service settings: account lockout, fraud alert, notifications, phone call settings | 2 |
| Configure necessary Conditional Access settings: named locations | 1 |
| Plan for end-user communication (https://www.microsoft.com/en-us/download/details.aspx?id=57600) | 2 |
| Phase 1 | 10 days |
| Phase 2 | |
| Move applications into Azure AD either through the Azure Marketplace or as non-Marketplace applications | 10 |
| Configure and deploy Conditional Access rules for test users | 5 |
| Plan for production rollout and rollback | 5 |
| Prepare an MFA/SSO rollout plan for handoff | 5 |
| Phase 2 | 25 days |
| Total All Phases | 35 days |

Client Scope

  • Coordinate resources and staff schedules.
  • Make appropriate resources available for assistance, knowledge transfer, and training throughout the entirety of this engagement.
  • Provide necessary work site access and computer system log-ons and passwords.
  • Provide up to 10 users for validation and testing.

Out of Scope

  • PKI and certificate infrastructure planning or installation. 
  • Operational documentation.
  • Formal training.